There are technologies to connect physical servers to storage apparatuses over networks. The technologies include Internet Small Computer System Interface (iSCSI), in which physical servers are coupled to storage apparatuses over Internet Protocol (IP) networks. Network addresses, such as IP addresses, are given to the physical servers and the storage apparatuses coupled over the IP networks on the basis of network devices installed in the physical servers and the storage apparatuses, and the physical servers communicate with the storage apparatuses by using the network addresses.
In recent years, it has become possible to run multiple virtual machines (VMs) on the physical servers and have them access the storage apparatuses on the networks.
The network addresses used in the communication are given to the respective network devices; in other words, the network addresses are not given to the respective VMs running on the physical servers. Accordingly, the network addresses allocated to the network devices (e.g. NIC (Network Interface Card)) installed in the physical servers are used in access from the VMs running on the physical servers to the storage apparatuses. As a result, the multiple VMs running on the physical servers may use the same network addresses to access the storage apparatuses.
Since the multiple physical servers access the storage apparatuses over the networks, accessible areas in the storage apparatuses can be restricted for every physical server from the viewpoint of security. However, any physical server can make access beyond the accessible areas that are set in advance due to, for example, faulty or malicious software (such access is hereinafter called unauthorized access). Such unauthorized access can be monitored by capturing packets on the networks. For example, packet capture apparatuses are provided in the networks, the source physical servers are identified on the basis of the network addresses included in the packets captured by the packet capture apparatuses, and the captured packets are checked for access to areas outside the accessible areas of the storage apparatuses.
However, when the source IP addresses are allocated to the respective network devices (e.g. NIC) installed in the physical servers, as described above, even if the packets are acquired, it may not be possible to determine which of the VMs running on the physical servers transmitted the packets.
Accordingly, it is not possible to determine whether the respective VMs make access to areas outside the allocated areas or within the allocated areas by using the source network addresses.
In other words, in the identification by using the source IP addresses, it is not possible to determine whether the access from the physical servers executing the virtual servers is unauthorized access or authorized access to the storage apparatuses.
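The limitation described above can be reproduced with a small model of the source-address check. The following is an added example, not part of the original document; the addresses, block ranges, VM names and record layout are constructed assumptions, and the vm field is ground truth that a real captured packet does not carry.

```python
# Constructed sample data; all addresses, names and ranges are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Access:
    src_ip: str   # source address seen in the captured packet (the NIC's)
    lba: int      # first logical block addressed
    blocks: int   # number of blocks accessed
    vm: str       # ground truth, NOT present in the packet

# Accessible area per physical server, keyed by the NIC address: [start, end)
SERVER_AREAS = {"192.0.2.10": (0, 2000), "192.0.2.11": (2000, 4000)}
# Areas allocated to each VM inside its host's area (unknown to the monitor)
VM_AREAS = {"vm-a": (0, 1000), "vm-b": (1000, 2000), "vm-c": (2000, 4000)}

def within(area, acc):
    start, end = area
    return start <= acc.lba and acc.lba + acc.blocks <= end

def flag_by_source_ip(captured):
    """What the packet capture apparatus can decide from the packet alone."""
    # An unknown source address gets an empty area, so it is always flagged.
    return [a for a in captured
            if not within(SERVER_AREAS.get(a.src_ip, (0, 0)), a)]

def missed_vm_violations(captured):
    """Accesses outside the VM's own area that the source-IP check passes."""
    flagged = set(flag_by_source_ip(captured))
    return [a for a in captured
            if a not in flagged and not within(VM_AREAS[a.vm], a)]

CAPTURED = [
    Access("192.0.2.10", 100, 8, "vm-a"),    # vm-a inside its own area
    Access("192.0.2.10", 1500, 8, "vm-a"),   # vm-a touching vm-b's area
    Access("192.0.2.10", 2100, 8, "vm-b"),   # outside the host's area
    Access("192.0.2.11", 3000, 16, "vm-c"),  # vm-c inside its own area
]

if __name__ == "__main__":
    for a in flag_by_source_ip(CAPTURED):
        print("flagged by source IP:", a)
    for a in missed_vm_violations(CAPTURED):
        print("missed (same NIC address):", a)
```

The second record shares its source address with the first and stays inside the host's accessible area, so the source-address check cannot distinguish it from authorized access.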
Related art is disclosed in, for example, Japanese Laid-open Patent Publication No. 2005-269486.